权限管理

------ ## 一:权限管理 ### 1. 权限级别 - Global level:系统级,所有库,所有表的权限 - Database level:某个数据库中的所有表的权限 - Table level:库中的某个表的权限 - Column level:表中的某个字段的权限 - procs level:某个存储过程的权限 - proxies level:代理服务器的权限 ### 2. 查看权限记录表 因为超级管理员默认已经设置;所以直接查询权限即可 #### Global level ```SQL mysql> select * from mysql.user\G *************************** 1. row *************************** Host: localhost User: root Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Reload_priv: Y Shutdown_priv: Y Process_priv: Y File_priv: Y Grant_priv: Y References_priv: Y Index_priv: Y Alter_priv: Y Show_db_priv: Y Super_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Execute_priv: Y Repl_slave_priv: Y Repl_client_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Create_user_priv: Y Event_priv: Y Trigger_priv: Y Create_tablespace_priv: Y ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 plugin: mysql_native_password authentication_string: *AD894C69730A54BD7AB4A411AC954632A005973A password_expired: N password_last_changed: 2025-03-09 17:33:44 password_lifetime: NULL account_locked: N *************************** 2. row *************************** Host: localhost User: mysql.session Select_priv: N Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Reload_priv: N Shutdown_priv: N Process_priv: N File_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Show_db_priv: N Super_priv: Y Create_tmp_table_priv: N Lock_tables_priv: N Execute_priv: N Repl_slave_priv: N Repl_client_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Create_user_priv: N Event_priv: N Trigger_priv: N Create_tablespace_priv: N ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 plugin: mysql_native_password authentication_string: *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE password_expired: N password_last_changed: 2025-03-09 17:31:55 password_lifetime: NULL account_locked: Y *************************** 3. row *************************** Host: localhost User: mysql.sys Select_priv: N Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Reload_priv: N Shutdown_priv: N Process_priv: N File_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Show_db_priv: N Super_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Execute_priv: N Repl_slave_priv: N Repl_client_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Create_user_priv: N Event_priv: N Trigger_priv: N Create_tablespace_priv: N ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 plugin: mysql_native_password authentication_string: *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE password_expired: N password_last_changed: 2025-03-09 17:31:55 password_lifetime: NULL account_locked: Y 3 rows in set (0.00 sec) ``` 字段介绍: ``` 用户字段:root 权限字段:Select_priv 安全字段:*B1DD4ADE47888D9AEC4D705C85230F1B52D2A817 Select_priv:查询权限 Insert_priv:插入权限 Update_priv:更新权限 Delete_priv:删除权限 ...... ``` #### Database level ```SQL mysql> select * from mysql.db\G *************************** 1. row *************************** Host: localhost Db: performance_schema User: mysql.session Select_priv: Y Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Execute_priv: N Event_priv: N Trigger_priv: N *************************** 2. row *************************** Host: localhost Db: sys User: mysql.sys Select_priv: N Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Execute_priv: N Event_priv: N Trigger_priv: Y 2 rows in set (0.00 sec) ``` 测试库权限: ```SQL mysql> create database t1; Query OK, 1 row affected (0.00 sec) mysql> grant all on t1.* to 't1'@'localhost' identified by 'Wdsji@213'; Query OK, 0 rows affected, 1 warning (0.00 sec) ``` 查看: ```SQL *************************** 3. row *************************** Host: localhost Db: t1 User: t1 Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Grant_priv: N References_priv: Y Index_priv: Y Alter_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Execute_priv: Y Event_priv: Y Trigger_priv: Y 3 rows in set (0.00 sec) ``` 验证: ```SQL [root@mysql ~]# mysql -ut1 -p'Wdsji@213'; mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | t1 | +--------------------+ 2 rows in set (0.00 sec) ``` #### Table level ```SQL mysql> select * from mysql.tables_priv\G *************************** 1. row *************************** Host: localhost Db: mysql User: mysql.session Table_name: user Grantor: boot@connecting host Timestamp: 0000-00-00 00:00:00 Table_priv: Select Column_priv: *************************** 2. row *************************** Host: localhost Db: sys User: mysql.sys Table_name: sys_config Grantor: root@localhost Timestamp: 2025-03-09 17:31:55 Table_priv: Select Column_priv: 2 rows in set (0.00 sec) ``` 创建库表验证: ```SQL mysql> create database t2; Query OK, 1 row affected (0.00 sec) mysql> use t2; Database changed mysql> create table u1(id int); Query OK, 0 rows affected (0.01 sec) mysql> insert into u1 values(1); Query OK, 1 row affected (0.01 sec) mysql> grant all on t2.u1 to 't2'@'localhost' identified by 'Wxhfua@3414'; Query OK, 0 rows affected, 1 warning (0.00 sec) mysql> create table u2(id int); Query OK, 0 rows affected (0.00 sec) mysql> show tables; +--------------+ | Tables_in_t2 | +--------------+ | u1 | | u2 | +--------------+ 2 rows in set (0.00 sec) ``` 权限查看: ```SQL mysql> select * from mysql.tables_priv\G *************************** 3. row *************************** Host: localhost Db: t2 User: t2 Table_name: u1 Grantor: root@localhost Timestamp: 0000-00-00 00:00:00 Table_priv: Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger Column_priv: 3 rows in set (0.00 sec) ``` 验证:(登录t2账户,看到u1表,看不到u2代表权限成功) ```SQL [root@mysql ~]# mysql -ut2 -p'Wxhfua@3414' mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | t2 | +--------------------+ 2 rows in set (0.00 sec) mysql> use t2 Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> show tables; +--------------+ | Tables_in_t2 | +--------------+ | u1 | +--------------+ 1 row in set (0.00 sec) ``` #### Column level ```SQL mysql> select * from mysql.columns_priv\G Empty set (0.00 sec) mysql> insert into mysql.columns_priv(host,db,user,table_name,column_name,column_priv) values('%','t2','t2','u1','id','select'); Query OK, 1 row affected (0.00 sec) mysql> select * from mysql.columns_priv\G *************************** 1. row *************************** Host: % Db: t2 User: t2 Table_name: u1 Column_name: id Timestamp: 2025-03-11 19:37:00 Column_priv: Select 1 row in set (0.00 sec) ``` 注意: ​ 前提是有库,有表,有权限 ## 二:用户管理 ### 1. 登录和退出 ```bash [root@mysql ~]# mysql -h 192.168.18.160 -P 3306 -u root -pmysql -e "show databases;" [root@mysql ~]# mysql -h 192.168.18.160 -P 3306 -u root -pmysql mysql -e "show tables;" ``` ### 2. 创建用户 方式一: ```SQL mysql> create user wxin; ERROR 1819 (HY000): Your password does not satisfy the current policy requirements 注意: 该报错是因为密码强度问题,取消密码强度即可创建用户 mysql> create user wxin@'%' identified by 'Wfsf@31241'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; ``` 方式二: ```SQL mysql> grant all on *.* to 'Wxin'@'localhost' identified by 'Wfsf@31241'; Query OK, 0 rows affected, 1 warning (0.01 sec) mysql> flush privileges; ``` 注意: ​ 该方式采用授权的方式 ​ ALL 所有权限 select 单独某一个权限(多个权限用逗号隔开) ```SQL mysql> grant select on *.* to 'Wxin'@'localhost' identified by 'Wfsf@31241'; Query OK, 0 rows affected, 1 warning (0.01 sec) mysql> flush privileges; ``` ``` *.* 所有的库所有的表 也可以单独某一个库某一个表 ``` ``` root@localhost 用户有则授权无则创建 localhost % 10.19.40.% 10.19.40.11 ``` ### 3. 删除用户 方式一: ```SQL mysql> drop user wxin@'%'; Query OK, 0 rows affected (0.00 sec) ``` 方式二: ```SQL ysql> delete from mysql.user where user='Wxin' and Host='%'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; ``` ### 4. 修改密码 方式一: ```SQL [root@mysql ~]# mysqladmin -uroot -p'Wxin@123456' password 'Wxin@123' ``` 方式二: ```SQL mysql> update mysql.user set authentication_string=password(123456) where user='Wxin' and Host='%'; Query OK, 0 rows affected, 1 warning (0.00 sec) Rows matched: 0 Changed: 0 Warnings: 1 mysql> flush privileges; ``` 注意: ​ 刷新授权表后生效:flush privileges 自己设置自己密码: ```SQL mysql> set password='Wxin@123'; Query OK, 0 rows affected (0.00 sec) ``` root用户修改其他用户密码: 方法一: ```SQL mysql> set password for wxin@'localhost'='Wxin@123456'; Query OK, 0 rows affected (0.00 sec) ``` 方式二: ```SQL mysql> update mysql.user set authentication_string=password('Wxin@123') where user='wxin' and host='localhost'; Query OK, 1 row affected, 1 warning (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 1 ``` ### 5. 查看密码策略 ```SQL mysql> show variables like 'validate_password%'; +--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | validate_password_check_user_name | OFF | | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +--------------------------------------+--------+ 7 rows in set (0.01 sec) ``` 参数解释: - validate_password_dictionary_file 指定密码验证的文件路径 - validate_password_length 密码最小长度 - validate_password_mixed_case_count 密码至少要包含的小写字母个数和大写字母个数 - validate_password_number_count 密码至少要包含的数字个数 - validate_password_policy 密码强度检查等级,对应等级为:0/LOW、1/MEDIUM、2/STRONG,默认为1 1. 0/LOW:只检查长度 2. 1/MEDIUM:检查长度、数字、大小写、特殊字符 3. 2/STRONG:检查长度、数字、大小写、特殊字符字典文件 - validate_password_special_char_count密码至少要包含的特殊字符数 修改密码策略: ```SQL mysql> show variables like 'validate_password%'; +--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | validate_password_check_user_name | OFF | | validate_password_dictionary_file | | | validate_password_length | 8 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +--------------------------------------+--------+ 7 rows in set (0.01 sec) mysql> set global validate_password_length=4; Query OK, 0 rows affected (0.00 sec) mysql> show variables like 'validate_password%'; +--------------------------------------+--------+ | Variable_name | Value | +--------------------------------------+--------+ | validate_password_check_user_name | OFF | | validate_password_dictionary_file | | | validate_password_length | 4 | | validate_password_mixed_case_count | 1 | | validate_password_number_count | 1 | | validate_password_policy | MEDIUM | | validate_password_special_char_count | 1 | +--------------------------------------+--------+ 7 rows in set (0.00 sec) ``` 关闭密码策略: ```SQL 修改配置文件,添加以下参数: [root@mysql ~]# vim /etc/my.cnf validate_password=off ```